National Australia Bank began contacting about 13,000 customers on Friday night to advise them of a security breach involving customer names, dates of birth, contact details and in some cases, a government-issued identification number, such as driver's licence numbers.

The disclosure of the breach comes after the private details of almost 100,000 Australian bank customers were exposed in a cyber attack on the real-time payments platform PayID, which allows the instant transfer of money between banks using either a mobile number or email address. That breach involved compromised Westpac customers accounts being used to facilitate the attack.

NAB said the issue was human error and in breach of NAB's data security policies.Credit:James Elsby

In a statement disclosing the breach on Friday night, NAB said personal information provided when customer accounts were set up was uploaded, without authorisation, to the servers of two data service companies.

NAB said its security team had contacted the companies involved, who advised that all information provided to them would be deleted within two hours.

Advertisement

"We take the privacy and the protection of customer information extremely seriously and I sincerely apologise to affected customers. We take full responsibility," NAB chief data officer, Glenda Crisp, said. "The issue was human error and in breach of NAB's data security policies."

Ms Crisp said the incident was not a cyber security issue and that no NAB log-in details or passwords had been compromised.

"Our number one priority is to support our customers," she said.

"We are moving quickly to proactively contact every person affected."

NAB said it was calling, emailing or writing to each impacted customer individually.

If government identification documents needed to be reissued, NAB said it would cover the cost. NAB added that it would also cover the cost of independent, enhanced fraud detection identification services for affected customers.

"We have reviewed these customers' accounts, over and above our rigorous normal checks, and have not identified any unusual activity. We will continue to monitor 24/7 to protect our customers’ accounts," Ms Crisp said.

NAB has also notified and is working with industry regulators, including the Privacy Commissioner.

"We take full responsibility. We can assure you that we understand how this happened and we are making changes to ensure this does not happen again," Ms Crisp said.

The Privacy Commissioner said then that CBA had made the commitment after it lost magnetic tapes containing the records of up to 20 million accounts in 2016, and after a 2018 case in which bank staff had access to systems containing personal information about life insurance customers.